Phishing Scam Prevention Tips

Phishing is an online scam where the bad guys try to get you to give up personal information, such as a login id/password or social security number, by masquerading as a trusted source.

Usually a fraudulent email is sent that looks like it is from a legitimate company, urgently asking you to click on a link and enter personal information for account verification.

Prevention

When a website asks for personal information such as your mother's maiden name, do not give the real one, since it can be found on genealogy websites. This goes for other private questions such as your high school mascot or teacher's name. Give a phony answer, but one you will remember.

Tools

MSN search toolbar has been supplanted by Windows Live toolbar. Unfortunately, the former free phishing filter add-in is part of the costly Windows Live OneCare.

TrustWatch has antiphishing plug-ins for Firefox and Internet Explorer.

How Antiphishing Tools Work

When a link is clicked, the antiphishing tool sends the requested URL to a security center, where it is compared to a known set of bad sites. If there is a match, the antiphishing tool will warn you or block you from visiting the site. If there is no match but the antiphishing center determines the URL is suspicious, it will warn you.
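
The lookup flow described above, sketched as an added example (not code from any of the tools named on this page). The blocklist entries are constructed, and the three suspicion heuristics are assumptions, since the page does not say how a security center decides a URL is suspicious.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data standing in for the security center's bad-site set.
KNOWN_BAD_HOSTS = {"login-verify.example.net", "badbank.example.org"}


def parent_domains(host):
    """Yield the host and each parent domain, stopping before the bare TLD."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_url(url):
    """Return (verdict, reason); verdict is 'block', 'warn' or 'allow'."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "warn", "URL could not be parsed"
    if not host:
        return "warn", "URL has no hostname"
    # Step 1: compare against the known set of bad sites (subdomains included).
    for candidate in parent_domains(host):
        if candidate in KNOWN_BAD_HOSTS:
            return "block", "listed bad site: " + candidate
    # Step 2: no match, so apply suspicion heuristics (assumed, not the page's).
    if is_ip_literal(host):
        return "warn", "host is a raw IP address, not a name"
    if parts.username is not None:
        return "warn", "URL carries userinfo before the host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "warn", "host contains a punycode label"
    return "allow", "no match and nothing suspicious"


if __name__ == "__main__":
    for u in ("https://secure.login-verify.example.net/account",
              "http://192.0.2.10/bank/login", "https://www.example.com/"):
        print(u, "->", check_url(u))
```

A match on the list wins over every heuristic, which mirrors the order in the description: compare first, then judge suspicion only when nothing matched.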

Reporting Phishing Scams

Security Updates

Make sure your browser has the latest security updates.

Links in Emails

Clicking on email links can be a dangerous thing. You may think you are clicking on a legitimate link, such as a link to your bank or financial institution, but in reality the link is to a site that *looks* like your bank. When you type in your username and password the bad people get it. Legitimate sites never ask you for private information via email.

Because these phishing emails look genuine, many times they get past spam filters.

Automated detection of phishing is very difficult, so you must rely on your common sense, though there are some antiphishing tools available. Some of these tools also alert you if you are headed toward a spam site. The best defense is to go directly to your bank through your browser rather than through an email link.

Popup Windows

Do not enter private information or log in through a popup window. A popup window may look like it is associated with a legitimate site but may not be.

Suspicious Emails

Do not respond to emails, phone calls, text messages, or instant messages that ask for private information. No legitimate company will ask for personal information via an email.

Bad Emails

There are several things to watch out for in emails:

Poor grammar or misspellings

Emails that refer to you in general and give no identifying information such as a few digits in your account number or your name.

Emails that end up in your bulk or junk mail folder. Sometimes legitimate ones do end up there.

Regular Account Login

Log in to your accounts regularly and make sure nothing is amiss.

Secure Site

Very important! Before entering any personal information, make sure the website is secure. The URL should begin with https:// and not http://. If it begins with http:// you cannot be certain that the site you are looking at is genuine.

One trick we use is to type in an invalid login id and password if the login site begins with http://. An error occurs, but the resulting page is a secure one starting with https://. Then you can check the validity of the page by clicking on the browser's lock (not the web page's lock) and see who owns the web page.